Thursday, November 14, 2019

Computer Outsourcing Security Risk :: Globalization Essays Papers

Computer Outsourcing Security Risk Inherent security risks of outsourcing -- what the CIO should know who were previously competitors are partnering in order that they may share risk, preserve capital, and gain market share from other competitors. It seems as though some companies soon will have outsourced so much of their business they will be in danger of becoming a business in name or brand only. While there can be many business benefits to outsourcing business functions and partnering with vendors and others in your business, the downside is always that it brings much added risk to your supporting systems, networks, and business critical applications. The more your network is extended and the more nodes or hosts are added-then all the more intrusion vectors (new and vulnerable risk points) become available for possible exploit and resultant harm to your company. As you connect your networks with various outsourcers, partners, vendors, alliances, and even consortiums you may, and probably will, connect with whom they do. The above connection scenario changes the established trust model from explicit and understood trust to one of transitive implicit trust. This is the "I may trust you but I do not necessarily trust who you trust" scenario. What can make the issue all the more complicated is that the company you outsource critical functions to may outsource some of its critical functions as well, and, you may not realize the potential impact to you until after long-term contracts are signed. Then it may be too late to amend contracts in order to protect your company from potential loss and liability. More connections to your network will bring more intrusion vectors or risks. These risk points must be tightly controlled and monitored at all times. Some companies may have hundreds of network connections, using a variety of communication methods, e.g. Internet, frame relay, leased line, microwave, wireless, satellite, fiber, ad nauseum. With so much variety in your connection types how will you know if a breach (successful or unsuccessful) in your network has o ccurred? How can you know what is happening in your partner's networks, or in the networks of those whom he is connected to? It may likely be through your friendly partner connections that you become open to intrusion, not from a more direct outside intrusion. Watch those trusted host relationships carefully. Are you ready to respond to a breach of your network? Usually, agreements are made and contracts are signed before a project team becomes involved in implementing a connection for a partner or an outsourcing contract.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.